Manage Site and Hierarchy Configurations

 

Updated: December 16, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

Use the information in the following sections to help you manage site and hierarchy configurations in Microsoft System Center 2012 Configuration Manager.

  • Manage the SMS Provider Configuration for a Site

  • Configure DCOM Permissions for Remote Configuration Manager Console Connections

  • Configure the Site Database to Use a SQL Server Cluster

  • Configure Custom Locations for the Site Database Files

  • Modify the Site Database Configuration

    • How to Manage the SPN for SQL Server Site Database Servers

  • Manage Site Components with the Configuration Manager Service Manager

  • Perform a Site Reset

  • Manage Language Packs at Configuration Manager Sites

Manage the SMS Provider Configuration for a Site

The SMS Provider is a dynamic-link library file (smsprov.dll) that you install or uninstall by running System Center 2012 Configuration Manager Setup. At each Configuration Manager site, you can re-run Setup to change the SMS Provider configuration. To remove the last SMS Provider for a site, you must uninstall the site.

You can monitor the installation or removal of the SMS Provider by viewing the ConfigMgrSetup.log in the root folder of the site server on which you run Setup.

Use the following procedure to manage SMS Providers for a site.

To manage the SMS Provider configuration for a site

  1. Run Configuration Manager Setup from <Configuration Manager site installation folder>\BIN\X64\setup.exe.

  2. On the Getting Started page, select Perform site maintenance or reset this site, and then click Next.

  3. On the Site Maintenance page, select Modify SMS Provider configuration, and then click Next.

  4. On the Manage SMS Providers page, select one of the following options, and then complete the wizard:

    - To add an additional SMS Provider at this site:
    
      Select **Add a new SMS Provider**, specify the FQDN for a computer that will host the SMS Provider and does not currently host a SMS Provider, and then click **Next**.
    
    - To remove an SMS Provider from a server:
    
      Select **Uninstall the specified SMS Provider**, select the name of the computer from which you want to remove the SMS Provider, click **Next**, and then confirm the action.
    
      Tip

      To move the SMS Provider between two computers, you must install the SMS Provider to the new computer, and remove the SMS Provider from the original location. There is no dedicated option to move the SMS Provider between computers in a single process.
    

After the Setup Wizard finishes, the SMS Provider configuration is completed. On the General tab in the site Properties dialog box, you can verify the computers that have an SMS Provider installed for a site.

Configure DCOM Permissions for Remote Configuration Manager Console Connections

The user account that runs the Configuration Manager console requires permission to access the site database by using the SMS Provider. However, an administrative user who uses a remote Configuration Manager console also requires Remote Activation DCOM permissions on the site server computer and on the SMS Provider computer.

The SMS Admins group grants access to the SMS Provider and can also be used to grant the required DCOM permissions.

Important

The Configuration Manager console uses Windows Management Instrumentation (WMI) to connect to the SMS Provider, and WMI internally uses DCOM. Therefore, Configuration Manager requires permissions to activate a DCOM server on the SMS Provider computer if the Configuration Manager console is running on a computer other than the SMS Provider computer. By default, Remote Activation is granted only to the members of the built-in Administrators group. If you allow the SMS Admins group to have Remote Activation permission, a member of this group could attempt DCOM attacks against the SMS Provider computer. This configuration also increases the attack surface of the computer. To mitigate this threat, carefully monitor the membership of the SMS Admins group. For more information about the security risks associated with allowing remote activation, see DCOM Security Enhancements in Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1.

Use the following procedure to configure each central administration site, primary site server, and each computer where the SMS Provider is installed to grant remote Configuration Manager console access for administrative users.

Note

The following procedure applies to Windows Server 2008 R2. If you have a different operating system version, refer to the documentation for your version about how to configure DCOM permissions if you cannot use the steps in this procedure.

To configure DCOM permissions for remote Configuration Manager console connections (Windows Server 2008 R2)

  1. On the Start menu, click Run and type Dcomcnfg.exe.

  2. In Component Services, click Console root, expand Component Services, expand Computers, and then click My Computer. On the Action menu, click Properties.

  3. In the My Computer Properties dialog box, on the COM Security tab, in the Launch and Activation Permissions section, click Edit Limits.

  4. In the Launch and Activation Permissions dialog box, click Add.

  5. In the Select User, Computers, Service Accounts, or Groups dialog box, in the Enter the object names to select (examples) box, type SMS Admins, and then click OK.

    Note

    You might have to change the setting for From this Location to locate the SMS Admins group. This group is local to the computer when the SMS Provider runs on a member server, and is a domain local group when the SMS Provider runs on a domain controller.

  6. In the Permissions for SMS Admins section, to allow remote activation, select the Remote Activation check box.

  7. Click OK and click OK again, and then close Computer Management. Your computer is now configured to allow remote Configuration Manager console access to members of the SMS Admins group.

Repeat this procedure on each SMS Provider computer that might support remote Configuration Manager consoles.
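
The following PowerShell script is an added example, not part of the original documentation. It audits the result of the procedure above and supports the membership monitoring that the Important note calls for: it reads the machine-wide launch and activation limits (which "Edit Limits" stores in the MachineLaunchRestriction registry value), lists every trustee that is allowed Remote Activation, and compares the members of the local SMS Admins group with an approved list. The `$Approved` entries are constructed placeholders, and the script assumes that it runs elevated on a member server where SMS Admins is a local group.

```powershell
# Added example: audit DCOM Remote Activation limits and SMS Admins membership.
# Written to run on Windows PowerShell 2.0 or later.

$RemoteActivation = 0x10   # COM_RIGHTS_ACTIVATE_REMOTE access-mask bit

# Constructed placeholder list of accounts allowed in SMS Admins,
# in the form returned by the WinNT provider (DOMAIN/name).
$Approved = @('EXAMPLE/cm-console-admins', 'EXAMPLE/jdoe')

function Get-DcomLaunchLimit {
    # "Edit Limits" is stored as a binary security descriptor in this value.
    $ole   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
    $bytes = $ole.MachineLaunchRestriction
    if (-not $bytes) { throw 'MachineLaunchRestriction is not set on this computer.' }

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList @($bytes, 0)
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # SID could not be resolved: report it raw

        New-Object PSObject -Property @{
            Trustee          = $name
            Type             = $ace.AceQualifier   # AccessAllowed or AccessDenied
            RemoteActivation = [bool]($ace.AccessMask -band $RemoteActivation)
        }
    }
}

function Get-LocalGroupMemberPath {
    param([string]$GroupName = 'SMS Admins')
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/$GroupName,group"
    foreach ($member in $group.psbase.Invoke('Members')) {
        # ADsPath looks like WinNT://DOMAIN/name
        $path = $member.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $path -replace '^WinNT://', ''
    }
}

# 1. Who is allowed Remote Activation by the machine-wide limits?
Get-DcomLaunchLimit |
    Where-Object { $_.RemoteActivation -and $_.Type -eq 'AccessAllowed' } |
    Select-Object Trustee, Type, RemoteActivation

# 2. Does SMS Admins contain anyone who is not on the approved list?
$members    = @(Get-LocalGroupMemberPath -GroupName 'SMS Admins')
$unexpected = @($members | Where-Object { $Approved -notcontains $_ })
if ($unexpected.Count -gt 0) {
    Write-Warning ("Unapproved SMS Admins members: " + ($unexpected -join ', '))
} else {
    Write-Output 'SMS Admins membership matches the approved list.'
}
```

Run it on each site server and SMS Provider computer, and rerun it on a schedule so that a change in either list is noticed.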

Configure the Site Database to Use a SQL Server Cluster

System Center 2012 Configuration Manager supports the use of a virtual Microsoft SQL Server cluster instance to host the Configuration Manager site database. For a list of supported SQL Server versions and supported configurations for the SQL Server cluster, see the Configurations for the SQL Server Site Database section in the Supported Configurations for Configuration Manager topic.

Configuration Manager Setup does not create or configure the SQL Server cluster. The clustered SQL Server environment must be configured before it can be used to host the site database. When you use a SQL Server cluster, Configuration Manager automatically checks each hour for changes to the SQL Server cluster node. Changes in the configuration of the SQL Server node that affect Configuration Manager component installation, such as a node failover or the introduction of a new node to the SQL Server cluster, are automatically managed by Configuration Manager.

Note

When you use a clustered SQL Server instance to host the site database, the TCP/IP network communication protocol must be enabled for each SQL Server cluster node network connection. This is required to support Kerberos authentication. The named pipes communication protocol is not required, but can be used to troubleshoot Kerberos authentication issues. The network protocol settings are configured in SQL Server Configuration Manager under SQL Server Network Configuration.

Performance Considerations

Clustered SQL Server environments allow for failover support for the virtual SQL Server, and provide greater reliability for the site database. However, a site database on a clustered SQL Server configured for failover support does not provide additional processing or load balancing benefits and in fact, degradation in performance can occur. This is because the site server must find the active node of the SQL Server cluster before it connects to the site database.

SMS Provider Considerations

When you use a clustered SQL Server database to host the site database, install the SMS Provider on the site server or on a separate computer that does not host a SQL Server cluster node. It is not supported to install an instance of the SMS Provider on a SQL Server cluster or a computer that runs as a clustered SQL Server node.

How to Install Configuration Manager Using a Clustered SQL Server Instance

Use the following procedures to install the Configuration Manager site database for a central administration site or primary site, using a clustered virtual SQL Server instance during setup.

Note

During Configuration Manager Setup, the Volume Shadow Copy Service (VSS) writer will install on each physical computer node of the Microsoft Windows Server cluster to support the Backup Site Server maintenance task.

To install Configuration Manager using a clustered SQL Server instance

  1. Create the virtual SQL Server cluster to host the site database on an existing Windows Server cluster environment. For specific steps to install and configure a SQL Server cluster, see the documentation specific to your version of SQL Server. For example, if you are using SQL Server 2008 R2, see Installing a SQL Server 2008 R2 Failover Cluster.

  2. On each computer in the SQL Server cluster you can place a file with the name NO_SMS_ON_DRIVE.SMS in the root folder of each drive where you do not want Configuration Manager to install site components. By default, Configuration Manager installs some components on each physical node to support operations such as backup.

  3. Add the computer account of the site server to the Local Administrators group of each Windows Server cluster node computer.

  4. In the virtual SQL Server instance, assign the sysadmin SQL Server role to the user account that runs Configuration Manager Setup.

  5. Use Configuration Manager Setup to install the site using one of the procedures from the topic Install Sites and Create a Hierarchy for Configuration Manager, with the following alteration:

    1. On the Database Information page, specify the name of the clustered virtual SQL Server instance that will host the site database, in place of the name of the computer that runs SQL Server.

      Important

      During setup, you must enter the name of the virtual SQL Server cluster instance, and not the virtual Windows Server name created by the Windows Server cluster. Installing the site database using the Windows Server cluster virtual instance name will result in the site database being installed on the local hard drive of the active Windows Server cluster node, and it will prevent successful failover if that node fails.

  6. Complete the remainder of the Setup Wizard normally, to install Configuration Manager using a clustered SQL Server instance.

To configure Configuration Manager to use a site database on a clustered SQL Server instance

  1. Create the virtual SQL Server cluster to host the site database on an existing Windows Server cluster environment. For specific steps to install and configure a SQL Server cluster, see the documentation specific to your version of SQL Server. For example, if you are using SQL Server 2008 R2, see Installing a SQL Server 2008 R2 Failover Cluster.

  2. On each computer in the SQL Server cluster you can place a file with the name NO_SMS_ON_DRIVE.SMS in the root folder of each drive where you do not want Configuration Manager to install site components. By default, Configuration Manager installs some components on each physical node to support operations such as backup.

  3. Add the computer account of the site server to the Local Administrators group of each Windows Server cluster node computer.

  4. In the virtual SQL Server instance, assign the sysadmin SQL Server role to the user account that runs Configuration Manager Setup.

  5. On the site server, start the local copy of Configuration Manager Setup and on the Getting Started page, select Perform site maintenance or reset this Site, and then click Next.

  6. On the Site Maintenance page, select Modify SQL Server configuration, and then click Next.

  7. On the Database Information page, specify the name of the clustered virtual SQL Server instance to host the site database, and then click Next.

  8. Complete the Wizard to complete the move of the database to the virtual SQL Server cluster.

To verify that the site database was installed successfully

  1. Verify that Configuration Manager Setup completed successfully by reviewing the ConfigMgrSetup.log file located at the root of the system drive on site server computer.

  2. In SQL Server Management Studio, verify that the site database was created successfully.

  3. In the SQL Server Management Studio, verify that the following Database Roles were created for the site database:

    - **smsdbrole\_MP**
    
    - **smsdbrole\_siteprovider**
    
    - **smsdbrole\_siteserver**
    

    Note

    Depending on your site configuration, additional roles might be listed.

  4. Verify that the following SQL Server Database Roles for the site database have been assigned with the appropriate computer accounts:

    - **smsdbrole\_MP**: The computer account for each management point at the site.
    
    - **smsdbrole\_siteprovider**: The computer account for the site server and each computer that runs an instance of the SMS Provider for the site.
    
    - **smsdbrole\_siteserver**: The computer account for the site server computer.
    

    Note

    Depending on your site configuration, additional roles might be listed.
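
The following PowerShell script is an added example, not part of the original documentation. It automates steps 3 and 4 of the verification procedure above by listing every smsdbrole_ role in the site database with its members and comparing the three roles named above with the computer accounts you expect. The instance name, the database name, and the account names are constructed placeholders, and the script assumes that the account running it can connect to the instance with Windows authentication.

```powershell
# Added example: verify site database roles and their members.
# Placeholders (assumptions): replace with the values for your site.
$SqlInstance = 'SQLCLUSTER01'   # virtual SQL Server cluster instance name
$Database    = 'CM_XYZ'         # site database name
$Expected = @{
    'smsdbrole_MP'           = @('EXAMPLE\MP01$')
    'smsdbrole_siteprovider' = @('EXAMPLE\SITE01$', 'EXAMPLE\PROV01$')
    'smsdbrole_siteserver'   = @('EXAMPLE\SITE01$')
}

# Every database role whose name starts with smsdbrole_, with its members.
# LEFT JOIN keeps roles that exist but have no members.
$query = @'
SELECT r.name AS RoleName, m.name AS MemberName
FROM sys.database_principals AS r
LEFT JOIN sys.database_role_members AS drm
       ON drm.role_principal_id = r.principal_id
LEFT JOIN sys.database_principals AS m
       ON m.principal_id = drm.member_principal_id
WHERE r.type = 'R' AND r.name LIKE 'smsdbrole[_]%'
ORDER BY r.name, m.name;
'@

$connString = "Server=$SqlInstance;Database=$Database;Integrated Security=SSPI"
$connection = New-Object System.Data.SqlClient.SqlConnection $connString
$adapter    = New-Object System.Data.SqlClient.SqlDataAdapter($query, $connection)
$table      = New-Object System.Data.DataTable
[void]$adapter.Fill($table)     # Fill opens and closes the connection itself

# Build role -> members from the result set.
$actual = @{}
foreach ($row in $table.Rows) {
    if (-not $actual.ContainsKey($row.RoleName)) { $actual[$row.RoleName] = @() }
    if ($row.MemberName -isnot [DBNull]) { $actual[$row.RoleName] += $row.MemberName }
}

# Compare the required roles with what the database reports.
foreach ($role in $Expected.Keys) {
    if (-not $actual.ContainsKey($role)) {
        Write-Warning "Role $role was not created in $Database."
        continue
    }
    $missing = @($Expected[$role] | Where-Object { $actual[$role] -notcontains $_ })
    $extra   = @($actual[$role]   | Where-Object { $Expected[$role] -notcontains $_ })
    New-Object PSObject -Property @{
        Role       = $role
        Missing    = ($missing -join ', ')
        Unexpected = ($extra -join ', ')
    } | Select-Object Role, Missing, Unexpected
}

# Additional smsdbrole_ roles can exist, depending on the site configuration.
$actual.Keys | Where-Object { -not $Expected.ContainsKey($_) } | Sort-Object
```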

Configure Custom Locations for the Site Database Files

Configuration Manager supports custom locations for SQL Server database files.

  • To use custom locations for files when you use System Center 2012 Configuration Manager with no service pack or with SP1, you can pre-create a SQL Server database that uses non-default file locations. Next, when you install a site, direct the site to use this pre-created database. You cannot specify custom file locations during the install of a site when you use either version of Configuration Manager to create the site database.

  • Beginning with System Center 2012 R2 Configuration Manager, when you install a new primary site or central administration site, you can specify non-default file locations and Configuration Manager will create the site database using these locations. Optionally, you can still pre-create a SQL Server database that uses non-default file locations and then when you install the site specify that the site use that pre-created database.

    Note

    The option to specify non-default file locations is not available when you use a SQL Server cluster.

Also, you can change the location of the site database files after a site installs. To change the location of files after the site installs, you must stop the Configuration Manager site and then edit the file location in SQL Server. Use the following procedure at an installed site to move the file location within an instance of SQL Server.

To change the file location for a site database:

  1. On the Configuration Manager site server, stop the SMS_Executive service.

  2. Use the information about moving user databases for the version of SQL Server that you use. For example, if you use SQL Server 2008 R2, see Moving User Databases in the online documentation library for SQL Server 2008 R2.

  3. After you complete the database file move, restart the SMS_Executive service on the Configuration Manager site server.

Modify the Site Database Configuration

After you install a site, you can modify the configuration of the site database and site database server by running Setup on a central administration site server or primary site server. It is not supported to modify the database configuration for a secondary site.

For more information about the limits of support, see Support policy for manual database changes in a Configuration Manager environment.

Note

When you modify the database configuration for a site, Configuration Manager restarts or reinstalls Configuration Manager services on the site server and remote site system servers that communicate with the database.

To modify the database configuration, you must run Setup on the site server and select the option Perform site maintenance or reset this site. Next, select the Modify SQL Server configuration option. You can change the following site database configurations:

  • The Windows-based server that hosts the database.

  • The instance of SQL Server in use on a server that hosts the SQL Server database.

  • The database name.

  • The SQL Server port in use by Configuration Manager.

  • The SQL Server Service Broker port in use by Configuration Manager.

You can move the site database to a new instance of SQL Server on the same computer, or to a different computer that runs a supported version of SQL Server. If you move the site database, you must configure the following:

  • When you move the site database to a new computer, add the computer account of the site server to the Local Administrators group on the computer that runs SQL Server. If you use a SQL Server cluster for the site database, you must add the computer account to the Local Administrators group of each Windows Server cluster node computer.

  • When you move the database to a new instance on SQL Server, or to a new SQL Server computer, you must enable common language runtime (CLR) integration. To enable CLR, use SQL Server Management Studio to connect to the instance of SQL Server that hosts the site database and run the following stored procedure as a query: sp_configure 'clr enabled', 1; reconfigure

Important

Before you move a database that has one or more database replicas for management points, you must first remove the database replicas. After you complete the database move, you can reconfigure database replicas. For more information see the Operations for Using Database Replicas section in the Configure Database Replicas for Management Points topic.

After you have installed the Configuration Manager site, use the information in the following sections to help you manage a site database configuration. For information about planning site database configurations, see Planning for Database Servers in Configuration Manager.

How to Manage the SPN for SQL Server Site Database Servers

When you configure SQL Server to use the local system account to run SQL Server services, a Service Principal Name (SPN) for the account is automatically created in Active Directory Domain Services. When the local system account is not in use, you must manually register the SPN for the SQL Server service account.

You can register an SPN for the SQL Server service account of the site database server by using the Setspn tool. You must run the Setspn tool on a computer that resides in the domain of SQL Server, and it must use Domain Administrator credentials to run.

Use the following procedures as examples of how to manage the SPN for the SQL Server service account by using the Setspn tool on Windows Server 2008 R2. For specific guidance about Setspn, see Setspn Overview, or similar documentation specific to your operating system.

Note

The following procedures reference the Setspn command-line tool. The Setspn command-line tool is included when you install Windows Server 2003 Support Tools from the product CD or from the Microsoft Download Center. For more information about how to install Windows Support Tools from the product CD, see Install Windows Support Tools.

To manually create a domain user Service Principal Name (SPN) for the SQL Server service account

  1. On the Start menu, click Run, and then enter cmd in the Run dialog box.

  2. At the command line, navigate to the Windows Server support tools installation directory. By default, these tools are located in the C:\Program Files\Support Tools directory.

  3. Enter a valid command to create the SPN. To create the SPN, you can use the NetBIOS name or the fully qualified domain name (FQDN) of the computer running SQL Server. However, you must create an SPN for both the NetBIOS name and the FQDN.

    Important

    When you create an SPN for a clustered SQL Server, you must specify the virtual name of the SQL Server Cluster as the SQL Server computer name.

    - To create an SPN for the NetBIOS name of the SQL Server computer, type the following command: **setspn -A MSSQLSvc/\<SQL Server computer name\>:1433 \<Domain\\Account\>**
    
    - To create an SPN for the FQDN of the SQL Server computer, type the following command: **setspn -A MSSQLSvc/\<SQL Server FQDN\>:1433 \<Domain\\Account\>**
    

    Note

    The command to register an SPN for a SQL Server named instance is the same as that you use when you register an SPN for a default instance except that the port number must match the port that is used by the named instance.

To verify the domain user SPN is registered correctly by using the Setspn command

  1. On the Start menu, click Run, and then enter cmd in the Run dialog box.

  2. At the command prompt, enter the following command: setspn -L <domain\SQL Service Account>.

  3. Review the registered ServicePrincipalName to ensure that a valid SPN has been created for the SQL Server.

To verify the domain user SPN is registered correctly when using the ADSIEdit MMC console

  1. On the Start menu, click Run, and then enter adsiedit.msc to start the ADSIEdit MMC console.

  2. If necessary, connect to the domain of the site server.

  3. In the console pane, expand the site server's domain, expand DC=<server distinguished name>, expand CN=Users, right-click CN=<Service Account User>, and then click Properties.

  4. In the CN=<Service Account User> Properties dialog box, review the servicePrincipalName value to ensure that a valid SPN has been created and associated with the correct SQL Server computer.
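
The following PowerShell function is an added example, not part of the original documentation. It performs the same check as the two verification procedures above for both SPN forms at once: it searches Active Directory for each MSSQLSvc SPN and reports whether it is registered on the expected service account, missing, or held by another account. The computer, domain, and account names in the sample call are constructed placeholders, and the search covers only the domain of the computer on which the function runs.

```powershell
# Added example: check that both SQL Server SPNs are registered on the
# expected service account and on no other account.
function Test-SqlServerSpn {
    param(
        [Parameter(Mandatory = $true)][string]$NetBiosName,
        [Parameter(Mandatory = $true)][string]$Fqdn,
        # sAMAccountName of the SQL Server service account, without the domain
        [Parameter(Mandatory = $true)][string]$ServiceAccount,
        # For a named instance, pass the port that the instance uses
        [int]$Port = 1433
    )

    foreach ($hostName in @($NetBiosName, $Fqdn)) {
        $spn = "MSSQLSvc/${hostName}:$Port"

        # Find every account in the current domain that holds this SPN.
        $searcher = [adsisearcher]"(servicePrincipalName=$spn)"
        [void]$searcher.PropertiesToLoad.Add('samaccountname')
        $holders = @($searcher.FindAll() |
            ForEach-Object { $_.Properties['samaccountname'][0] })

        if     ($holders.Count -eq 0)            { $status = 'Missing' }
        elseif ($holders.Count -gt 1)            { $status = 'Duplicate' }
        elseif ($holders[0] -ne $ServiceAccount) { $status = 'WrongAccount' }
        else                                     { $status = 'OK' }

        New-Object PSObject -Property @{
            Spn          = $spn
            Status       = $status
            RegisteredTo = ($holders -join ', ')
        } | Select-Object Spn, Status, RegisteredTo
    }
}

# Sample call with constructed names. For a clustered SQL Server, pass the
# virtual name of the SQL Server cluster as the computer name.
Test-SqlServerSpn -NetBiosName 'SQL01' -Fqdn 'sql01.example.test' -ServiceAccount 'svc-sql'
```

A status of Missing for either form means that one of the two setspn -A commands still has to be run. Duplicate or WrongAccount means that the SPN must be removed from the other account before Kerberos authentication to the site database can succeed.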

To change the SQL Server service account from local system to a domain user account

  1. Create or select a domain or local system user account that you want to use as the SQL Server service account.

  2. Open SQL Server Configuration Manager.

  3. Click SQL Server Services, and then double-click SQL Server<INSTANCE NAME>.

  4. On the Log on tab, select This account, and then enter the user name and password for the domain user account created in step 1, or click Browse to find the user account in Active Directory Domain Services, and then click Apply.

  5. Click Yes in the Confirm Account Change dialog box to confirm the service account change and restart the SQL Server Service.

  6. Click OK after the service account has been successfully changed.

Manage Site Components with the Configuration Manager Service Manager

Use the Configuration Manager Service Manager to control System Center 2012 Configuration Manager services and to view the status of any Configuration Manager services or threads (referred to collectively as Configuration Manager components). Configuration Manager components can run on any site system. Components are managed the same way that you manage services in Windows; you can start, stop, pause, resume, or query Configuration Manager components.

A Configuration Manager service runs when there is something for it to do (typically, when a configuration file is written to a component's inbox). If you have to identify the component involved in an operation, you can use the Configuration Manager Service Manager to manipulate various Configuration Manager services and threads and then view the resulting change in the behavior of Configuration Manager. For example, you can stop Configuration Manager services one at a time until a particular response is eliminated. Doing so enables you to determine which service causes the behavior.

Tip

The following procedure can be used to manipulate Configuration Manager component operation. If you want to modify the logging options of a component, see the Configure Logging Options by Using the Configuration Manager Service Manager section in the Technical Reference for Log Files in Configuration Manager topic.

To use the Configuration Manager Service Manager

  1. In the Configuration Manager console, click Monitoring, expand System Status, and then click Component Status.

  2. On the Home tab, in the Component group, click Start, and then select Configuration Manager Service Manager.

  3. When the Configuration Manager Service Manager opens, connect to the site that you want to manage.

    If you do not see the site that you want to manage, click Site, click Connect, and then enter the name of the site server of the correct site.

  4. Expand the site and navigate to Components or Servers depending on where the components that you want to manage are located.

  5. In the right pane, select one or more components and then on the Component menu, click Query to update the status of your selection.

  6. After the status of the component is updated, use one of the four action-based options on the Component menu to modify the component's operation. After you request an action, you must query the component to display the new status of the component.

  7. Close the Configuration Manager Service Manager when you are finished modifying the operational status of components.

Perform a Site Reset

Configuration Manager uses a site reset to reapply the default file and registry permissions on a primary or central administration site server and to reinstall site components at a site. Secondary sites do not support a site reset. You can perform a manual site reset to restore these settings, and Configuration Manager runs a site reset automatically after you make a configuration change that requires this action.

For example, if there has been a change to the accounts used by Configuration Manager components, a manual site reset ensures the account details used by the components are correct and resets the access control lists (ACLs) used by remote site systems to access the site server. Or, if you modify the client or server languages that a site supports, Configuration Manager automatically runs a site reset because the reset is required before a site can use this change.

Note

A site reset does not reset access permissions to non-Configuration Manager objects.

Important

A site reset reinstalls all site system roles at a site.

During a site reset, Setup stops and restarts the SMS_SITE_COMPONENT_MANAGER service and the thread components of the SMS_EXECUTIVE service. Additionally, Setup removes, and then re-creates, the site system share folder and the SMS Executive component on the local computer and on remote site system computers. After Setup reinstalls the SMS_SITE_COMPONENT_MANAGER service, this service installs the SMS_EXECUTIVE and the SMS_SQL_MONITOR services. In addition, a site reset restores the following objects:

  • The SMS or NAL registry keys, and any default subkeys under these keys.

  • The Configuration Manager file directory tree, and any default files or subdirectories in this file directory tree.

Permissions to Perform a Site Reset

The account that you use to perform a site reset must have the following permissions:

  • Central administration site: The account that you use to run a site reset at this site must be a local administrator on the central administration site server and must have privileges that are equivalent to the Full Administrator role-based administration security role.

  • Primary site: The account that you use to run a site reset at this site must be a local administrator on the primary site server and must have privileges that are equivalent to the Full Administrator role-based administration security role. If the primary site is in a hierarchy with a central administration site, this account must also be a local administrator on the central administration site server.

How To Perform a Site Reset

You can perform a site reset of a Configuration Manager primary site or central administration site by starting Configuration Manager Setup from the Start menu of the site server computer or from the Configuration Manager source media.

To perform a site reset

  1. Run Configuration Manager Setup from <Configuration Manager site installation folder>\BIN\X64\setup.exe.

  2. On the Getting Started page, select Perform site maintenance or reset this site, and then click Next.

  3. On the Site Maintenance page, select Reset site with no configuration changes, and then click Next.

  4. Click Yes to begin the site reset.

When the site reset is finished, click Close to complete this procedure.

Manage Language Packs at Configuration Manager Sites

Use the information in the following sections to help you manage server and client language packs for your Configuration Manager sites.

Add Language Packs to a Site

To add support for a server language pack or client language pack to a site, run Configuration Manager Setup and select the languages to use. When you add server language packs to a site they are made available for Configuration Manager console installations and applicable site system roles. When you add client language packs to a site, Configuration Manager adds them to the client installation source files so that new client installations, or upgrades, can add support for the current list of client languages.

How to add language packs during site installation: To add support for language packs to a new central administration site, or a primary site, use the appropriate procedure in the Install a Site Server section of the Install Sites and Create a Hierarchy for Configuration Manager topic. The procedures in that topic include the selection of language packs when you install a site.

How to modify the language packs at a site: To add or remove support for language packs at a previously installed site, run Setup from the Configuration Manager installation folder on the site server.

Use the following procedure to modify the language packs that a site supports after the site is installed.

To modify the language packs that are supported at a site

  1. On the site server, run Configuration Manager Setup from <Configuration Manager site installation folder>\BIN\X64\setup.exe.

  2. On the Getting Started page, select Perform site maintenance or reset this Site, and then click Next.

  3. On the Site Maintenance page, select Modify language configuration, and then click Next.

  4. On the Prerequisites Downloads page, select Download required files to acquire updates to language packs, or select Use previously downloaded files to use previously downloaded files that include the language packs you want to add to the site. Click Next to validate the files and continue.

  5. On the Server Language Selection page, select the check box for server languages this site supports, and then click Next.

  6. On the Client Language Selection page, select the check box for client languages that this site supports, and then click Next.

  7. Click Next, to modify language support at the site.

    Note

    Configuration Manager initiates a site reset which also reinstalls all site system roles at the site.

  8. Click Close to complete this procedure.

Update Servers and Clients with New Language Packs

Use the information in the following sections to add support for language packs.

How to Update Language Packs on Clients

After you update the client language packs at a site, you must install each client that will use the language packs by using source files that include the client language packs.

For information about how to install clients with support for language packs, see the Planning for Client Language Packs section in the Planning for Sites and Hierarchies in Configuration Manager topic.

How to Update Language Packs on Site Servers and Site Systems

After you update the server language packs at a site, there are no additional actions required. Configuration Manager automatically updates applicable components.

How to Update Language Packs on Configuration Manager Consoles

After you update the server language packs at a site, you can add support for the language packs to Configuration Manager consoles.

To add support for a server language pack to a Configuration Manager console, you must install the Configuration Manager console from the ConsoleSetup folder on a site server that includes the language pack that you want to use. If the Configuration Manager console is already installed, you must first uninstall it to enable the new installation to identify the current list of supported language packs.

For more information about how to install Configuration Manager consoles with support for additional languages, see the Manage Configuration Manager Console Languages section in the Install Sites and Create a Hierarchy for Configuration Manager topic.